pidgin/pidgin

Make ssl_*_read robust against bogus connection, like ssl_*_write is
discord-ssl-crash
2020-04-04, Samuel Thibault
3e026e7db681
Parents 0a7484792f62
Children 0988a438ed3ea86b4b3de249
Make ssl_*_read robust against bogus connection, like ssl_*_write is
2 files changed, 6 insertions(+), 2 deletions(-)
  • +3 -2
    libpurple/plugins/ssl/ssl-gnutls.c
  • +3 -0
    libpurple/plugins/ssl/ssl-nss.c
    • --- a/libpurple/plugins/ssl/ssl-gnutls.c Mon Dec 16 20:20:20 2019 -0600
    +++ b/libpurple/plugins/ssl/ssl-gnutls.c Sat Apr 04 01:36:20 2020 +0200
    @@ -451,9 +451,10 @@
    ssl_gnutls_read(PurpleSslConnection *gsc, void *data, size_t len)
    {
    PurpleSslGnutlsData *gnutls_data = PURPLE_SSL_GNUTLS_DATA(gsc);
    - ssize_t s;
    + ssize_t s = 0;
    - s = gnutls_record_recv(gnutls_data->session, data, len);
    + if(gnutls_data)
    + s = gnutls_record_recv(gnutls_data->session, data, len);
    if(s == GNUTLS_E_AGAIN || s == GNUTLS_E_INTERRUPTED) {
    s = -1;
    --- a/libpurple/plugins/ssl/ssl-nss.c Mon Dec 16 20:20:20 2019 -0600
    +++ b/libpurple/plugins/ssl/ssl-nss.c Sat Apr 04 01:36:20 2020 +0200
    @@ -529,6 +529,9 @@
    PRInt32 ret;
    PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc);
    + if (!nss_data)
    + return 0;
    +
    ret = PR_Read(nss_data->in, data, len);
    if (ret == -1)